Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistApacheCVELIST:CVE-2022-46365
HistoryMay 01, 2023 - 2:53 p.m.

CVE-2022-46365 Apache StreamPark (incubating): Logic error causing any account reset

2023-05-0114:53:50
CWE-20
apache
www.cve.org
apache streampark
logic error
account reset
security update

9.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.7%

JSON

Apache StreamPark 1.0.0 before 2.0.0 When the user successfully logs in, to modify his profile, the username will be passed to the server-layer as a parameter, but not verified whether the user name is the currently logged user and whether the user is legal, This will allow malicious attackers to send any username to modify and reset the account, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache StreamPark (incubating)",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "2.0.0",
        "status": "affected",
        "version": "1.0.0",
        "versionType": "custom"
      }
    ]
  }
]

Related

cve 1
github 1
nvd 1
prion 1
osv 1
cnvd 1
veracode 1
cve
cve
CVE-2022-46365
2023-05-01 15:15:09
github
github
Apache StreamPark Improper Input Validation vulnerability
2023-07-06 19:24:19
nvd
nvd
CVE-2022-46365
2023-05-01 15:15:09
prion
prion
Code injection
2023-05-01 15:15:00
osv
osv
Apache StreamPark Improper Input Validation vulnerability
2023-07-06 19:24:19
cnvd
cnvd
Apache StreamPark Input Validation Error Vulnerability
2023-05-08 00:00:00
veracode
veracode
Improper Input Validation
2023-05-08 10:46:10

9.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.7%

JSON
Related for CVELIST:CVE-2022-46365
cve1github1nvd1prion1osv1cnvd1veracode1